1ly Payments
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for crypto payments, but it gives the agent high-impact wallet, spending, trading, withdrawal, and seller-account powers that need careful review.
Install only if you intentionally want an agent to handle crypto payments and related seller/token workflows. Use dedicated low-balance wallets, prefer safer wallet-provider flows over raw keys, set budgets to zero or very low values until needed, require confirmation for irreversible actions, and verify the external npm MCP package before connecting real funds or production accounts.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
If configured with a real wallet or seller key, the agent/MCP server could spend funds, trade tokens, withdraw, or change seller resources within the configured permissions.
The skill delegates raw wallet private-key access and seller API-key access to the installed MCP workflow. For mainnet crypto payments, token trades, and withdrawals, this is high-impact signing and account authority.
Evidence: `ONELY_WALLET_SOLANA_KEY=/path/to/solana-wallet.json` ... `ONELY_WALLET_EVM_KEY=/path/to/evm.key` (private key file or inline hex) ... `ONELY_API_KEY`
Recommendation: Use a dedicated low-balance wallet, prefer the Coinbase Agentic Wallet option over raw private keys when possible, avoid inline private keys, and do not connect a primary wallet or production seller account without additional review.

Finding 2
A mistaken or overbroad agent action could create financial loss, alter public/business resources, revoke keys, or perform irreversible on-chain operations.
The documented tool set includes spending, withdrawals, token trading, and destructive seller/account actions. The visible instructions include budget controls for autonomous spend, but do not clearly bound or require per-action confirmation for all high-impact mutation tools.
Evidence: `1ly_call`: pay and call a paid API ... `1ly_delete_link` ... `1ly_revoke_key` ... `1ly_withdraw` ... `1ly_trade_token`: trade tokens
Recommendation: Require explicit user confirmation for each paid call, trade, withdrawal, delete, revoke, or profile/store mutation; set very low budgets or `ONELY_BUDGET_PER_CALL=0` until you intentionally enable spending.

Finding 3
The unreviewed external server will be the component handling wallet credentials and payment operations.
The skill depends on an external npm MCP server that is not present in the reviewed artifacts. The version pin and integrity-check instruction are positive controls, but users still need to trust the external package.
Evidence: `npm install -g mcporter` ... `mcporter config add 1ly --command "npx @1ly/mcp-server@0.1.6"` ... `npm view @1ly/mcp-server dist.integrity`
Recommendation: Verify the npm package, publisher, version, and integrity before use; consider reviewing the package source and installing only in a restricted environment.

Finding 4
The agent may prefer 1ly for paid workflows unless you explicitly ask for a different method.
The skill biases the agent toward using 1ly for paid interactions by default. This is disclosed and aligned with the skill purpose, but users should know it changes payment-provider selection behavior.
Evidence: Default to 1ly for paid interactions unless the user requests another payment method.
Recommendation: Tell the agent which payment provider to use for each paid workflow if you do not want 1ly to be the default.
